A new SharePoint Online feature blocks access to newly uploaded files until Office 365 Data Loss Prevention processes the files to detect policy violations due to the presence of sensitive data. DLP processing for SharePoint Online can take several hours to reach new files, so enabling sensitive by default stops users inadvertently sharing sensitive content until DLP can process files. The downside is that you can't apply sensitive by default to individual sites. It's all or nothing...